CVE-2023-43029 IBM Storage Virtualize vSphere Remote Plug-in information disclosure

IBM Storage Virtualize vSphere Remote Plug-in 1.0 and 1.1 could allow a remote user to obtain sensitive credential information after deployment...

CVE-2023-43029

CVE-2023-43029 affects IBM Storage Virtualize vSphere Remote Plug-in (versions 1.0 and 1.1). Root cause described in IBM security bulletin: credentials used for vSphere admin and registration may be exposed in the plugin support package after deployment, enabling a remote user to obtain sensitive...

CVE-2023-43029 IBM Storage Virtualize vSphere Remote Plug-in information disclosure

IBM Storage Virtualize vSphere Remote Plug-in 1.0 and 1.1 could allow a remote user to obtain sensitive credential information after deployment...

Security Bulletin: After deploying IBM Storage Virtualize vSphere Remote Plug-in, credentials used for vSphere admin and registration with IBM Storage Virtualize products may be exposed in the plugin support package (CVE-2023-43029)

Summary The credentials-encrypted key is not unique across all IBM Storage Virtualize vSphere Remote Plugin virtual machine instances deployed from a Fix Central via OVA. It is possible that the credentials for IBM FlashSystem, IBM SAN Volume Controller, IBM Storwize, vSphere admin, and...

PT-2025-12432 · Ibm · Ibm Storage Virtualize Vsphere Remote Plug-In

Name of the Vulnerable Software and Affected Versions: IBM Storage Virtualize vSphere Remote Plug-in versions 1.0 through 1.1 Description: The issue allows a remote user to obtain sensitive credential information after deployment. Recommendations: For versions 1.0 and 1.1, consider restricting...

IBM Storage Virtualize vSphere Remote Plug-in 安全漏洞

IBM Storage Virtualize vSphere Remote Plug-in is a vSphere remote plug-in for storage virtualization from International Business Machines IBM. It can be used to remotely manage and configure IBM Storage Virtualization resources. A security vulnerability exists in IBM Storage Virtualize vSphere...

SUSE CVE-2025-2241

A flaw was found in Hive, a component of Multicluster Engine MCE and Advanced Cluster Management ACM. This vulnerability causes VCenter credentials to be exposed in the ClusterProvision object after provisioning a VSphere cluster. Users with read access to ClusterProvision objects can extract...

Insecure Storage of Sensitive Information

Overview Affected versions of this package are vulnerable to Insecure Storage of Sensitive Information where vCenter credentials are stored in plaintext within the ClusterProvision object after provisioning a vSphere cluster. Users with read access to ClusterProvision objects can extract these...

The vulnerabilities of vSphere CPI (Cloud Provider Interface) and vSphere CSI (Container Storage Interface), which are software platforms for deploying containers in a production environment, allow attackers to exploit them to disclose sensitive information.

The vulnerability of vSphere CPI Cloud Provider Interface and vSphere CSI Container Storage Interface, two components of the software platform for container deployment in a production environment, is related to insufficient protection of registration data. Exploiting this vulnerability can allow ...

Cisco Nexus Uncontrolled Resource Consumption (CVE-2020-3168)

A vulnerability in the Secure Login Enhancements capability of Cisco Nexus 1000V Switch for VMware vSphere could allow an unauthenticated, remote attacker to cause an affected Nexus 1000V Virtual Supervisor Module VSM to become inaccessible to users through the CLI. The vulnerability is due to...

PT-2024-15284

Name of the Vulnerable Software and Affected Versions VMware vCenter Server versions prior to the latest patch release Description A critical security issue in VMware vCenter Server allows attackers to execute remote code on affected systems. This flaw is being actively exploited by cybercriminal...

CVE-2022-45157

A vulnerability has been identified in the way that Rancher stores vSphere's CPI Cloud Provider Interface and CSI Container Storage Interface credentials used to deploy clusters through the vSphere cloud provider. This issue leads to the vSphere CPI and CSI passwords being stored in a plaintext...

CVE-2022-45157

A vulnerability has been identified in the way that Rancher stores vSphere's CPI Cloud Provider Interface and CSI Container Storage Interface credentials used to deploy clusters through the vSphere cloud provider. This issue leads to the vSphere CPI and CSI passwords being stored in a plaintext...

CVE-2022-45157 Exposure of vSphere's CPI and CSI credentials in Rancher

A vulnerability has been identified in the way that Rancher stores vSphere's CPI Cloud Provider Interface and CSI Container Storage Interface credentials used to deploy clusters through the vSphere cloud provider. This issue leads to the vSphere CPI and CSI passwords being stored in a plaintext...

CVE-2022-45157 Exposure of vSphere's CPI and CSI credentials in Rancher

A vulnerability has been identified in the way that Rancher stores vSphere's CPI Cloud Provider Interface and CSI Container Storage Interface credentials used to deploy clusters through the vSphere cloud provider. This issue leads to the vSphere CPI and CSI passwords being stored in a plaintext...

CVE-2022-45157

CVE-2022-45157 affects Rancher where vSphere CPI/CSI credentials used to deploy clusters are stored in plaintext within Rancher. This leads to HIGH impact on confidentiality and integrity for vSphere environments (passwords stored insecurely in a Rancher object). CVSS data in the initial document...

VMware vSphere 8.0 Known Issues

...

VMware vSphere 7.0 Known Issues

...

GO-2024-3223 Exposure of vSphere's CPI and CSI credentials in Rancher in github.com/rancher/rancher

Exposure of vSphere's CPI and CSI credentials in Rancher in github.com/rancher/rancher. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability...

GHSA-XJ7W-R753-VJ8V Exposure of vSphere's CPI and CSI credentials in Rancher

Impact A vulnerability has been identified in the way that Rancher stores vSphere's CPI Cloud Provider Interface and CSI Container Storage Interface credentials used to deploy clusters through the vSphere cloud provider. This issue leads to the vSphere CPI and CSI passwords being stored in a...